Red Hat Linux OS and other open source products
Products by Red Hat Sorted by Most Security Vulnerabilities since 2018
Red Hat Enterprise Linux Server898 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.
Red Hat Enterprise Linux Workstation878 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.
Red Hat Enterprise Linux Desktop867 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop
Recent Red Hat Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2021:4839 | (RHSA-2021:4839) Important: mailman:2.1 security update | November 24, 2021 |
| RHSA-2021:4837 | (RHSA-2021:4837) Important: mailman:2.1 security update | November 24, 2021 |
| RHSA-2021:4838 | (RHSA-2021:4838) Important: mailman:2.1 security update | November 24, 2021 |
| RHSA-2021:4826 | (RHSA-2021:4826) Important: mailman:2.1 security update | November 23, 2021 |
| RHSA-2021:4779 | (RHSA-2021:4779) Important: kernel-rt security and bug fix update | November 23, 2021 |
| RHSA-2021:4777 | (RHSA-2021:4777) Important: kernel security and bug fix update | November 23, 2021 |
| RHSA-2021:4798 | (RHSA-2021:4798) Important: kpatch-patch security update | November 23, 2021 |
| RHSA-2021:4774 | (RHSA-2021:4774) Important: kernel security update | November 23, 2021 |
| RHSA-2021:4773 | (RHSA-2021:4773) Important: kpatch-patch security update | November 23, 2021 |
| RHSA-2021:4768 | (RHSA-2021:4768) Important: kernel security update | November 23, 2021 |
@RedHat Tweets
Fri Nov 26 13:59:01 +0000 2021
Thu Nov 25 02:00:12 +0000 2021
Wed Nov 24 20:00:11 +0000 2021
Wed Nov 24 19:00:10 +0000 2021
Wed Nov 24 17:00:21 +0000 2021
By the Year
In 2021 there have been 804 vulnerabilities in Red Hat with an average score of 6.6 out of ten. Last year Red Hat had 522 security vulnerabilities published. That is, 282 more vulnerabilities have already been reported in 2021 as compared to last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.22.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2021 | 804 | 6.63 |
| 2020 | 522 | 6.41 |
| 2019 | 473 | 7.14 |
| 2018 | 603 | 7.36 |
It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Security Vulnerabilities
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames
CVE-2021-3672
7.3 - High
- November 23, 2021
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
XSS
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames
CVE-2021-3672
7.3 - High
- November 23, 2021
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
XSS
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames
CVE-2021-3672
7.3 - High
- November 23, 2021
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
XSS
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames
CVE-2021-3672
7.3 - High
- November 23, 2021
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
XSS
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames
CVE-2021-3672
7.3 - High
- November 23, 2021
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
XSS
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames
CVE-2021-3672
7.3 - High
- November 23, 2021
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
XSS
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker
CVE-2021-3935
8.1 - High
- November 22, 2021
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
SQL Injection
A flaw was found in python-pip in the way it handled Unicode separators in git references
CVE-2021-3572
5.7 - Medium
- November 10, 2021
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
A flaw was found in python-pip in the way it handled Unicode separators in git references
CVE-2021-3572
5.7 - Medium
- November 10, 2021
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
A flaw was found in python-pip in the way it handled Unicode separators in git references
CVE-2021-3572
5.7 - Medium
- November 10, 2021
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
An issue was discovered in the Linux kernel before 5.14.15
CVE-2021-43389
5.5 - Medium
- November 04, 2021
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
Out-of-bounds Read
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection
CVE-2021-38502
5.9 - Medium
- November 03, 2021
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
Insufficiently Protected Credentials
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38501
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38500
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
During process shutdown
CVE-2021-38498
7.5 - High
- November 03, 2021
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Dangling pointer
Through use of reportValidity() and window.open()
CVE-2021-38497
6.5 - Medium
- November 03, 2021
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Origin Validation Error
During operations on MessageTasks
CVE-2021-38496
8.8 - High
- November 03, 2021
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Dangling pointer
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection
CVE-2021-38502
5.9 - Medium
- November 03, 2021
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
Insufficiently Protected Credentials
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38501
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38500
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
During process shutdown
CVE-2021-38498
7.5 - High
- November 03, 2021
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Dangling pointer
Through use of reportValidity() and window.open()
CVE-2021-38497
6.5 - Medium
- November 03, 2021
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Origin Validation Error
During operations on MessageTasks
CVE-2021-38496
8.8 - High
- November 03, 2021
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Dangling pointer
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection
CVE-2021-38502
5.9 - Medium
- November 03, 2021
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
Insufficiently Protected Credentials
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38501
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38500
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
During process shutdown
CVE-2021-38498
7.5 - High
- November 03, 2021
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Dangling pointer
Through use of reportValidity() and window.open()
CVE-2021-38497
6.5 - Medium
- November 03, 2021
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Origin Validation Error
During operations on MessageTasks
CVE-2021-38496
8.8 - High
- November 03, 2021
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Dangling pointer
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection
CVE-2021-38502
5.9 - Medium
- November 03, 2021
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
Insufficiently Protected Credentials
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38501
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38500
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
During process shutdown
CVE-2021-38498
7.5 - High
- November 03, 2021
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Dangling pointer
Through use of reportValidity() and window.open()
CVE-2021-38497
6.5 - Medium
- November 03, 2021
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Origin Validation Error
During operations on MessageTasks
CVE-2021-38496
8.8 - High
- November 03, 2021
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Dangling pointer
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38501
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38500
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
During process shutdown
CVE-2021-38498
7.5 - High
- November 03, 2021
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Dangling pointer
Through use of reportValidity() and window.open()
CVE-2021-38497
6.5 - Medium
- November 03, 2021
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Origin Validation Error
During operations on MessageTasks
CVE-2021-38496
8.8 - High
- November 03, 2021
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Dangling pointer
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38501
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38500
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
During process shutdown
CVE-2021-38498
7.5 - High
- November 03, 2021
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Dangling pointer
Through use of reportValidity() and window.open()
CVE-2021-38497
6.5 - Medium
- November 03, 2021
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Origin Validation Error
During operations on MessageTasks
CVE-2021-38496
8.8 - High
- November 03, 2021
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Dangling pointer
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38501
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38500
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
During process shutdown
CVE-2021-38498
7.5 - High
- November 03, 2021
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Dangling pointer
Through use of reportValidity() and window.open()
CVE-2021-38497
6.5 - Medium
- November 03, 2021
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Origin Validation Error
During operations on MessageTasks
CVE-2021-38496
8.8 - High
- November 03, 2021
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Dangling pointer
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38501
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1
CVE-2021-38500
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
During process shutdown
CVE-2021-38498
7.5 - High
- November 03, 2021
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Dangling pointer
Through use of reportValidity() and window.open()
CVE-2021-38497
6.5 - Medium
- November 03, 2021
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Origin Validation Error
During operations on MessageTasks
CVE-2021-38496
8.8 - High
- November 03, 2021
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
Dangling pointer
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13
CVE-2021-38493
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
Buffer Overflow
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13
CVE-2021-38493
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
Buffer Overflow
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13
CVE-2021-38493
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
Buffer Overflow
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13
CVE-2021-38493
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
Buffer Overflow
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13
CVE-2021-38493
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
Buffer Overflow
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13
CVE-2021-38493
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
Buffer Overflow
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13
CVE-2021-38493
8.8 - High
- November 03, 2021
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
Buffer Overflow
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16
CVE-2021-43267
9.8 - Critical
- November 02, 2021
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Improper Input Validation
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16
CVE-2021-43267
9.8 - Critical
- November 02, 2021
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Improper Input Validation
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16
CVE-2021-43267
9.8 - Critical
- November 02, 2021
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Improper Input Validation
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16
CVE-2021-43267
9.8 - Critical
- November 02, 2021
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Improper Input Validation
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16
CVE-2021-43267
9.8 - Critical
- November 02, 2021
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Improper Input Validation
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16
CVE-2021-43267
9.8 - Critical
- November 02, 2021
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Improper Input Validation
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0
CVE-2021-42574
8.3 - High
- November 01, 2021
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Code Injection