Red Hat Red Hat Linux OS and other open source products

Do you want an email whenever new security vulnerabilities are reported in any Red Hat product?

Products by Red Hat Sorted by Most Security Vulnerabilities since 2018

Red Hat Enterprise Linux Server898 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.

Red Hat Enterprise Linux Workstation878 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.

Red Hat Enterprise Linux Desktop867 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop

Red Hat Enterprise Linux (RHEL)512 vulnerabilities

Red Hat Enterprise Linux Eus237 vulnerabilities

Red Hat Openstack118 vulnerabilities

Red Hat Virtualization88 vulnerabilities

Red Hat Enterprise Mrg69 vulnerabilities

Red Hat Satellite65 vulnerabilities

Red Hat Ansible Tower64 vulnerabilities

Red Hat Keycloak47 vulnerabilities

Red Hat Linux Workstation45 vulnerabilities

Red Hat Linux Desktop45 vulnerabilities

Red Hat Linux Server45 vulnerabilities

Red Hat Single Sign On41 vulnerabilities

Red Hat Virtualization Host39 vulnerabilities

Red Hat Ceph Storage33 vulnerabilities

Red Hat Openshift31 vulnerabilities

Red Hat Enterprise Linux Aus29 vulnerabilities

Red Hat Ansible25 vulnerabilities

Red Hat Ansible Engine25 vulnerabilities

Red Hat Jboss Fuse24 vulnerabilities

Red Hat Cloudforms21 vulnerabilities

Red Hat Libvirt18 vulnerabilities

Red Hat Software Collections14 vulnerabilities

Red Hat Undertow14 vulnerabilities
Java HTTP Server and Servlet Container

Red Hat Decision Manager13 vulnerabilities

Red Hat Gluster Storage13 vulnerabilities

Red Hat Jboss Data Grid13 vulnerabilities

Red Hat Wildfly12 vulnerabilities

Red Hat Ceph11 vulnerabilities

Red Hat Openshift Service Mesh11 vulnerabilities

Red Hat Storage11 vulnerabilities

Red Hat Quay11 vulnerabilities

Red Hat Virtualization Manager10 vulnerabilities

Red Hat Jboss Core Services10 vulnerabilities

Red Hat Process Automation9 vulnerabilities

Red Hat Enterprise Linux Tus9 vulnerabilities

Red Hat Openstack Platform8 vulnerabilities

Red Hat Data Grid7 vulnerabilities

Red Hat Resteasy7 vulnerabilities

Red Hat Satellite Capsule7 vulnerabilities

Red Hat Linux6 vulnerabilities

Red Hat Certification6 vulnerabilities

Red Hat Jboss Brms6 vulnerabilities

Red Hat 3scale5 vulnerabilities

Red Hat Automation Manager5 vulnerabilities

Red Hat Developer Tools5 vulnerabilities

Red Hat Etcd5 vulnerabilities

Red Hat Jboss Bpm Suite5 vulnerabilities

Red Hat Amq4 vulnerabilities

Red Hat Descision Manager4 vulnerabilities

Red Hat Spacewalk4 vulnerabilities

Red Hat Icedtea4 vulnerabilities

Red Hat Integration Camel K4 vulnerabilities

Red Hat Jboss A Mq4 vulnerabilities

Red Hat 389 Directory Server3 vulnerabilities

Red Hat Build Of Quarkus3 vulnerabilities

Red Hat Ceph Storage Mon3 vulnerabilities

Red Hat Ceph Storage Osd3 vulnerabilities

Red Hat Certificate System3 vulnerabilities

Red Hat Mrg Realtime3 vulnerabilities

Red Hat Richfaces3 vulnerabilities

Red Hat Rkt3 vulnerabilities

Red Hat Ovirt Engine3 vulnerabilities

Red Hat Shim3 vulnerabilities

Red Hat Openstack Mistral2 vulnerabilities

Recent Red Hat Security Advisories

Advisory Title Published
RHSA-2021:4839 (RHSA-2021:4839) Important: mailman:2.1 security update November 24, 2021
RHSA-2021:4837 (RHSA-2021:4837) Important: mailman:2.1 security update November 24, 2021
RHSA-2021:4838 (RHSA-2021:4838) Important: mailman:2.1 security update November 24, 2021
RHSA-2021:4826 (RHSA-2021:4826) Important: mailman:2.1 security update November 23, 2021
RHSA-2021:4779 (RHSA-2021:4779) Important: kernel-rt security and bug fix update November 23, 2021
RHSA-2021:4777 (RHSA-2021:4777) Important: kernel security and bug fix update November 23, 2021
RHSA-2021:4798 (RHSA-2021:4798) Important: kpatch-patch security update November 23, 2021
RHSA-2021:4774 (RHSA-2021:4774) Important: kernel security update November 23, 2021
RHSA-2021:4773 (RHSA-2021:4773) Important: kpatch-patch security update November 23, 2021
RHSA-2021:4768 (RHSA-2021:4768) Important: kernel security update November 23, 2021

@RedHat Tweets

See what Red Hatters are reading and sharing this week in the Friday Five blog post: https://t.co/xJ4N0lk4wz. https://t.co/qlxAfaIiyI
Fri Nov 26 13:59:01 +0000 2021

The public sector serves all sorts of public needs. The software supporting those services should be versatile, too… https://t.co/LYiHScKTdj
Thu Nov 25 02:00:12 +0000 2021

Robots are efficient at their tasks, but still, depend on humans for empathy and morality. #CommandLinePod asks: Ho… https://t.co/AKceXmFD5p
Wed Nov 24 20:00:11 +0000 2021

From deploying on-prem, in the cloud, or at the #edge - #Red Hat Enterprise #Linux 8.5 makes it easier to manage an… https://t.co/75Cq95sOnZ
Wed Nov 24 19:00:10 +0000 2021

Security automation relates directly to #DevSecOps practices, which require continuous and automated security throu… https://t.co/8mOI7Oiyaq
Wed Nov 24 17:00:21 +0000 2021

By the Year

In 2021 there have been 804 vulnerabilities in Red Hat with an average score of 6.6 out of ten. Last year Red Hat had 522 security vulnerabilities published. That is, 282 more vulnerabilities have already been reported in 2021 as compared to last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.22.

Year Vulnerabilities Average Score
2021 804 6.63
2020 522 6.41
2019 473 7.14
2018 603 7.36

It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Security Vulnerabilities

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames

CVE-2021-3672 7.3 - High - November 23, 2021

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

XSS

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames

CVE-2021-3672 7.3 - High - November 23, 2021

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

XSS

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames

CVE-2021-3672 7.3 - High - November 23, 2021

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

XSS

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames

CVE-2021-3672 7.3 - High - November 23, 2021

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

XSS

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames

CVE-2021-3672 7.3 - High - November 23, 2021

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

XSS

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames

CVE-2021-3672 7.3 - High - November 23, 2021

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

XSS

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker

CVE-2021-3935 8.1 - High - November 22, 2021

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.

SQL Injection

A flaw was found in python-pip in the way it handled Unicode separators in git references

CVE-2021-3572 5.7 - Medium - November 10, 2021

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

A flaw was found in python-pip in the way it handled Unicode separators in git references

CVE-2021-3572 5.7 - Medium - November 10, 2021

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

A flaw was found in python-pip in the way it handled Unicode separators in git references

CVE-2021-3572 5.7 - Medium - November 10, 2021

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

An issue was discovered in the Linux kernel before 5.14.15

CVE-2021-43389 5.5 - Medium - November 04, 2021

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

Out-of-bounds Read

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection

CVE-2021-38502 5.9 - Medium - November 03, 2021

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

Insufficiently Protected Credentials

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38501 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38500 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

During process shutdown

CVE-2021-38498 7.5 - High - November 03, 2021

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Dangling pointer

Through use of reportValidity() and window.open()

CVE-2021-38497 6.5 - Medium - November 03, 2021

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Origin Validation Error

During operations on MessageTasks

CVE-2021-38496 8.8 - High - November 03, 2021

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Dangling pointer

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection

CVE-2021-38502 5.9 - Medium - November 03, 2021

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

Insufficiently Protected Credentials

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38501 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38500 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

During process shutdown

CVE-2021-38498 7.5 - High - November 03, 2021

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Dangling pointer

Through use of reportValidity() and window.open()

CVE-2021-38497 6.5 - Medium - November 03, 2021

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Origin Validation Error

During operations on MessageTasks

CVE-2021-38496 8.8 - High - November 03, 2021

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Dangling pointer

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection

CVE-2021-38502 5.9 - Medium - November 03, 2021

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

Insufficiently Protected Credentials

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38501 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38500 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

During process shutdown

CVE-2021-38498 7.5 - High - November 03, 2021

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Dangling pointer

Through use of reportValidity() and window.open()

CVE-2021-38497 6.5 - Medium - November 03, 2021

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Origin Validation Error

During operations on MessageTasks

CVE-2021-38496 8.8 - High - November 03, 2021

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Dangling pointer

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection

CVE-2021-38502 5.9 - Medium - November 03, 2021

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

Insufficiently Protected Credentials

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38501 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38500 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

During process shutdown

CVE-2021-38498 7.5 - High - November 03, 2021

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Dangling pointer

Through use of reportValidity() and window.open()

CVE-2021-38497 6.5 - Medium - November 03, 2021

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Origin Validation Error

During operations on MessageTasks

CVE-2021-38496 8.8 - High - November 03, 2021

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Dangling pointer

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38501 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38500 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

During process shutdown

CVE-2021-38498 7.5 - High - November 03, 2021

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Dangling pointer

Through use of reportValidity() and window.open()

CVE-2021-38497 6.5 - Medium - November 03, 2021

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Origin Validation Error

During operations on MessageTasks

CVE-2021-38496 8.8 - High - November 03, 2021

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Dangling pointer

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38501 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38500 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

During process shutdown

CVE-2021-38498 7.5 - High - November 03, 2021

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Dangling pointer

Through use of reportValidity() and window.open()

CVE-2021-38497 6.5 - Medium - November 03, 2021

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Origin Validation Error

During operations on MessageTasks

CVE-2021-38496 8.8 - High - November 03, 2021

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Dangling pointer

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38501 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38500 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

During process shutdown

CVE-2021-38498 7.5 - High - November 03, 2021

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Dangling pointer

Through use of reportValidity() and window.open()

CVE-2021-38497 6.5 - Medium - November 03, 2021

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Origin Validation Error

During operations on MessageTasks

CVE-2021-38496 8.8 - High - November 03, 2021

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Dangling pointer

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38501 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1

CVE-2021-38500 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

During process shutdown

CVE-2021-38498 7.5 - High - November 03, 2021

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Dangling pointer

Through use of reportValidity() and window.open()

CVE-2021-38497 6.5 - Medium - November 03, 2021

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Origin Validation Error

During operations on MessageTasks

CVE-2021-38496 8.8 - High - November 03, 2021

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Dangling pointer

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13

CVE-2021-38493 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Buffer Overflow

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13

CVE-2021-38493 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Buffer Overflow

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13

CVE-2021-38493 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Buffer Overflow

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13

CVE-2021-38493 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Buffer Overflow

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13

CVE-2021-38493 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Buffer Overflow

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13

CVE-2021-38493 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Buffer Overflow

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13

CVE-2021-38493 8.8 - High - November 03, 2021

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Buffer Overflow

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16

CVE-2021-43267 9.8 - Critical - November 02, 2021

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Improper Input Validation

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16

CVE-2021-43267 9.8 - Critical - November 02, 2021

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Improper Input Validation

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16

CVE-2021-43267 9.8 - Critical - November 02, 2021

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Improper Input Validation

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16

CVE-2021-43267 9.8 - Critical - November 02, 2021

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Improper Input Validation

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16

CVE-2021-43267 9.8 - Critical - November 02, 2021

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Improper Input Validation

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16

CVE-2021-43267 9.8 - Critical - November 02, 2021

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Improper Input Validation

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.