Enterprise Linux (RHEL) Red Hat Enterprise Linux (RHEL)

Do you want an email whenever new security vulnerabilities are reported in Red Hat Enterprise Linux (RHEL)?

Recent Red Hat Enterprise Linux (RHEL) Security Advisories

Advisory Title Published
RHSA-2021:3144 (RHSA-2021:3144) Low: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update August 11, 2021
RHSA-2021:1547 (RHSA-2021:1547) Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update May 12, 2021
RHSA-2021:1546 (RHSA-2021:1546) Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update May 12, 2021

By the Year

In 2021 there have been 123 vulnerabilities in Red Hat Enterprise Linux (RHEL) with an average score of 6.7 out of ten. Last year Enterprise Linux (RHEL) had 91 security vulnerabilities published. That is, 32 more vulnerabilities have already been reported in 2021 as compared to last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.49.

Year Vulnerabilities Average Score
2021 123 6.70
2020 91 6.21
2019 129 6.94
2018 79 7.29

It may take a day or so for new Enterprise Linux (RHEL) vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Enterprise Linux (RHEL) Security Vulnerabilities

A flaw has been found in libssh in versions prior to 0.9.6

CVE-2021-3634 6.5 - Medium - August 31, 2021

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

Memory Corruption

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash

CVE-2021-40153 8.1 - High - August 27, 2021

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

Directory traversal

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5

CVE-2021-3605 5.5 - Medium - August 25, 2021

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Out-of-bounds Read

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7

CVE-2021-3635 4.4 - Medium - August 13, 2021

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.

Buffer Overflow

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add()

CVE-2021-3573 6.4 - Medium - August 13, 2021

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

Race Condition

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution

CVE-2021-20314 9.8 - Critical - August 12, 2021

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

Memory Corruption

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext

CVE-2021-3580 7.5 - High - August 05, 2021

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Improper Input Validation

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1

CVE-2021-3655 3.3 - Low - August 05, 2021

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

Missing Initialization of Resource

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2

CVE-2021-3682 8.5 - High - August 05, 2021

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

Release of Invalid Pointer or Reference

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way

CVE-2021-3679 5.5 - Medium - August 05, 2021

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.

Resource Exhaustion

A flaw was found in the ptp4l program of the linuxptp package

CVE-2021-3571 7.1 - High - July 09, 2021

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.

Buffer Overflow

A flaw was found in the ptp4l program of the linuxptp package

CVE-2021-3570 8.8 - High - July 09, 2021

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

Buffer Overflow

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1

CVE-2021-3612 7.8 - High - July 09, 2021

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Buffer Overflow

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5

CVE-2021-3598 5.5 - Medium - July 06, 2021

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Buffer Overflow

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU

CVE-2021-3595 3.8 - Low - June 15, 2021

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Access of Uninitialized Pointer

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU

CVE-2021-3594 3.8 - Low - June 15, 2021

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Access of Uninitialized Pointer

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU

CVE-2021-3593 3.8 - Low - June 15, 2021

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Access of Uninitialized Pointer

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU

CVE-2021-3592 3.8 - Low - June 15, 2021

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Access of Uninitialized Pointer

Improper access control in BlueZ may

CVE-2021-0129 5.7 - Medium - June 09, 2021

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.

AuthZ

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory

CVE-2021-3533 2.5 - Low - June 09, 2021

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

TOCTTOU

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory

CVE-2021-3532 5.5 - Medium - June 09, 2021

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Information Disclosure

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2

CVE-2021-3565 5.9 - Medium - June 04, 2021

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

Information Disclosure

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA

CVE-2021-3569 5.5 - Medium - June 03, 2021

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.

Buffer Overflow

A flaw was found in the Linux kernel

CVE-2020-10742 6 - Medium - June 02, 2021

A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.

Memory Corruption

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22

CVE-2021-32027 8.8 - High - June 01, 2021

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Buffer Overflow

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way

CVE-2021-3543 6.7 - Medium - June 01, 2021

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.

NULL Pointer Dereference

There's a flaw in libxml2's xmllint in versions before 2.9.11

CVE-2021-3516 7.8 - High - June 01, 2021

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Dangling pointer

A flaw was found in OpenLDAP in versions before 2.4.56

CVE-2020-25710 7.5 - High - May 28, 2021

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

assertion failure

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem

CVE-2021-20292 6.7 - Medium - May 28, 2021

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

Dangling pointer

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol

CVE-2021-20239 3.3 - Low - May 28, 2021

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.

Information Disclosure

A flaw was found in the ZeroMQ server in versions before 4.3.3

CVE-2021-20236 9.8 - Critical - May 28, 2021

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Memory Corruption

A flaw was found in spice in versions before 0.14.92

CVE-2021-20201 5.3 - Medium - May 28, 2021

A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.

Resource Exhaustion

An information disclosure vulnerability was found in libvirt in versions before 6.3.0

CVE-2020-14301 6.5 - Medium - May 27, 2021

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Improper Removal of Sensitive Information Before Storage or Transfer

A malicious container image

CVE-2020-1702 3.3 - Low - May 27, 2021

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.

Resource Exhaustion

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0

CVE-2021-30501 5.5 - Medium - May 27, 2021

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.

Improper Input Validation

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0

CVE-2021-30500 7.8 - High - May 27, 2021

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.

NULL Pointer Dereference

A flaw was found in the USB redirector device (usb-redir) of QEMU

CVE-2021-3527 5.5 - Medium - May 26, 2021

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

Allocation of Resources Without Limits or Throttling

A flaw was found in PoDoFo 0.9.7

CVE-2021-30471 5.5 - Medium - May 26, 2021

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

Stack Exhaustion

A flaw was found in PoDoFo 0.9.7

CVE-2021-30470 5.5 - Medium - May 26, 2021

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

Stack Exhaustion

A flaw was found in PoDoFo 0.9.7

CVE-2021-30469 5.5 - Medium - May 26, 2021

A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

Dangling pointer

A flaw was found in NetworkManager in versions before 1.30.0

CVE-2021-20297 5.5 - Medium - May 26, 2021

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.

Improper Input Validation

A flaw was found in libwebp in versions before 1.0.1

CVE-2020-36332 7.5 - High - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.

Improper Input Validation

A flaw was found in libwebp in versions before 1.0.1

CVE-2020-36331 9.1 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Out-of-bounds Read

A flaw was found in libwebp in versions before 1.0.1

CVE-2020-36330 9.1 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Out-of-bounds Read

A flaw was found in libwebp in versions before 1.0.1

CVE-2020-36329 9.8 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Dangling pointer

A flaw was found in libwebp in versions before 1.0.1

CVE-2020-36328 9.8 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Memory Corruption

A flaw was found in libwebp in versions before 1.0.1

CVE-2018-25014 9.8 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Use of Uninitialized Resource

A flaw was found in libwebp in versions before 1.0.1

CVE-2018-25013 9.1 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Out-of-bounds Read

A flaw was found in libwebp in versions before 1.0.1

CVE-2018-25012 9.1 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Out-of-bounds Read

A flaw was found in libwebp in versions before 1.0.1

CVE-2018-25011 9.8 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Memory Corruption

A flaw was found in libwebp in versions before 1.0.1

CVE-2018-25010 9.1 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Out-of-bounds Read

A flaw was found in libwebp in versions before 1.0.1

CVE-2018-25009 9.1 - Critical - May 21, 2021

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Out-of-bounds Read

There's a flaw in Python 3's pydoc

CVE-2021-3426 5.7 - Medium - May 20, 2021

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Information Disclosure

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11

CVE-2021-3517 8.6 - High - May 19, 2021

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Memory Corruption

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1

CVE-2021-3445 8.8 - High - May 19, 2021

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Improper Verification of Cryptographic Signature

A flaw was found in the RPM package in the read functionality

CVE-2021-3421 5.5 - Medium - May 19, 2021

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

Improper Verification of Cryptographic Signature

There's a flaw in libxml2 in versions before 2.9.11

CVE-2021-3518 8.8 - High - May 18, 2021

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Dangling pointer

A vulnerability found in libxml2 in versions before 2.9.11 shows

CVE-2021-3537 5.9 - Medium - May 14, 2021

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform

CVE-2021-20221 6 - Medium - May 13, 2021

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Out-of-bounds Read

A flaw was found in OpenJPEGs encoder in the opj_dwt_calc_explicit_stepsizes() function

CVE-2020-27824 5.5 - Medium - May 13, 2021

A flaw was found in OpenJPEGs encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

Out-of-bounds Read

A flaw was found in the hivex library in versions before 1.3.20

CVE-2021-3504 5.4 - Medium - May 11, 2021

A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.

Out-of-bounds Read

An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12

CVE-2021-31916 6.7 - Medium - May 06, 2021

An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

Memory Corruption

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including)

CVE-2021-3507 6.1 - Medium - May 06, 2021

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

Buffer Overflow

A flaw was found in the Linux kernel in versions before 5.12

CVE-2021-3501 7.1 - High - May 06, 2021

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.

Memory Corruption

A flaw was found in samba

CVE-2021-20254 6.8 - Medium - May 05, 2021

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Out-of-bounds Read

A flaw was found in xorg-x11-server in versions before 1.20.11

CVE-2021-3472 7.8 - High - April 26, 2021

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Integer underflow

A flaw was found in cifs-utils in versions before 6.13

CVE-2021-20208 6.1 - Medium - April 19, 2021

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Incorrect Privilege Assignment

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

CVE-2021-3497 7.8 - High - April 19, 2021

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

Dangling pointer

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

CVE-2021-3498 7.8 - High - April 19, 2021

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

Buffer Overflow

A flaw was found in libtpms in versions before 0.8.0

CVE-2021-3505 5.5 - Medium - April 19, 2021

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.

Insufficient Entropy

There's a flaw in the BFD library of binutils in versions before 2.36

CVE-2021-3487 6.5 - Medium - April 15, 2021

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Improper Input Validation

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1

CVE-2021-3482 6.5 - Medium - April 08, 2021

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

Buffer Overflow

A flaw was found in dnsmasq in versions before 2.85

CVE-2021-3448 4 - Medium - April 08, 2021

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

Improperly Implemented Security Check for Standard

A flaw was found in Nettle in versions before 3.7.2

CVE-2021-20305 8.1 - High - April 05, 2021

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Use of a Broken or Risky Cryptographic Algorithm

A flaw was found in Nettle in versions before 3.7.2

CVE-2021-20305 8.1 - High - April 05, 2021

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Use of a Broken or Risky Cryptographic Algorithm

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1

CVE-2021-20291 6.5 - Medium - April 01, 2021

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).

Improper Locking

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11

CVE-2021-3393 4.3 - Medium - April 01, 2021

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

Generation of Error Message Containing Sensitive Information

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers

CVE-2020-35508 4.5 - Medium - March 26, 2021

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.

Improper Initialization

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not

CVE-2020-35518 5.3 - Medium - March 26, 2021

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Information Disclosure

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar

CVE-2021-20197 6.3 - Medium - March 26, 2021

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

insecure temporary file

A flaw was found in RPM's signature check functionality when reading a package file

CVE-2021-20271 7 - High - March 26, 2021

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Insufficient Verification of Data Authenticity

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder

CVE-2021-3443 5.5 - Medium - March 25, 2021

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

NULL Pointer Dereference

A flaw was found in libtpms in versions before 0.8.2

CVE-2021-3446 5.5 - Medium - March 25, 2021

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

Use of a Broken or Risky Cryptographic Algorithm

A flaw was found in libmicrohttpd in versions before 0.9.71

CVE-2021-3466 9.8 - Critical - March 25, 2021

A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Classic Buffer Overflow

A flaw was found in Privoxy in versions before 3.0.29

CVE-2020-35502 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20210 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20211 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20212 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20213 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.

NULL Pointer Dereference

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20214 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20215 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.

Memory Leak

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective

CVE-2021-3409 5.7 - Medium - March 23, 2021

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

Buffer Overflow

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input

CVE-2021-20270 7.5 - High - March 23, 2021

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Infinite Loop

A flaw was found in http-proxy-agent, prior to version 2.1.0

CVE-2019-10196 9.8 - Critical - March 19, 2021

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

Improper Initialization

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0

CVE-2021-3416 6 - Medium - March 18, 2021

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

Infinite Loop

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1

CVE-2019-14850 3.7 - Low - March 18, 2021

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.

Network Amplification

A flaw was found in multiple versions of OpenvSwitch

CVE-2020-27827 7.5 - High - March 18, 2021

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Resource Exhaustion

A flaw was found in libnbd 1.7.3

CVE-2021-20286 2.7 - Low - March 15, 2021

A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.

assertion failure

A flaw was found in pki-core

CVE-2021-20179 8.1 - High - March 15, 2021

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

AuthZ

A flaw was found in gnutls

CVE-2021-20231 9.8 - Critical - March 12, 2021

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for NetApp E Series Performance Analyzer or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe