Redhat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,738
CISA KEV (actively exploited): 20
Public exploits: 88
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153

Vulnerabilities

Page 31 of 87
CVE-2021-3518 | HIGH | CVSS 8.8 | v8.0 | 2021-05-18
CWE-416: There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Source: NVD
CVE-2021-3537 | MEDIUM | CVSS 5.9 | v6.0, v7.0, +1 more | 2021-05-14
CWE-476: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability
Source: NVD
CVE-2021-20221 | MEDIUM | CVSS 6.0 | v8.0 | 2021-05-13
CWE-125: An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields
Source: NVD
CVE-2020-27824 | MEDIUM | CVSS 5.5 | v8.0 | 2021-05-13
CWE-20: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
Source: NVD
CVE-2021-3504 | MEDIUM | CVSS 5.4 | v6.0, v7.0, +1 more | 2021-05-11
CWE-125: A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is
Source: NVD
CVE-2021-3501 | HIGH | CVSS 7.1 | v8.0 | 2021-05-06
CWE-787: A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
Source: NVD
CVE-2021-3507 | MEDIUM | CVSS 6.1 | v8.0 | 2021-05-06
CWE-119: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or p
Source: NVD
CVE-2021-31916 | MEDIUM | CVSS 6.7 | v7.0, v8.0 | 2021-05-06
CWE-787: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
Source: NVD
CVE-2021-20254 | MEDIUM | CVSS 6.8 | v7.0, v8.0 | 2021-05-05
CWE-125: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those v
Source: NVD
CVE-2021-3472 | HIGH | CVSS 7.8 | v7.0, v8.0 | 2021-04-26
CWE-191: A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: NVD
CVE-2021-3498 | HIGH | CVSS 7.8 | v7.0, v8.0 | 2021-04-19
CWE-119: GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
Source: NVD
CVE-2021-3497 | HIGH | CVSS 7.8 | v7.0, v8.0 | 2021-04-19
CWE-416: GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
Source: NVD
CVE-2021-3505 | MEDIUM | CVSS 5.5 | v8.0 | 2021-04-19
CWE-331: A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
Source: NVD
CVE-2021-20208 | MEDIUM | CVSS 6.1 | v7.0, v8.0 | 2021-04-19
CWE-266: A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Source: NVD
CVE-2021-3482 | MEDIUM | CVSS 6.5 | v8.0 | 2021-04-08
CWE-20: A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Source: NVD
CVE-2021-3448 | MEDIUM | CVSS 4.0 | v8.0 | 2021-04-08
CWE-358: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This
Source: NVD
CVE-2021-20305 | HIGH | CVSS 8.1 | v7.0, v8.0 | 2021-04-05
CWE-327: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing
Source: NVD
CVE-2021-3393 | MEDIUM | CVSS 4.3 | v8.0 | 2021-04-01
CWE-209: An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information sto
Source: NVD
CVE-2021-20291 | MEDIUM | CVSS 6.5 | v8.0 | 2021-04-01
CWE-667: A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which neve
Source: NVD
CVE-2021-20271 | HIGH | CVSS 7.0 | v8.0 | 2021-03-26
CWE-345: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality,
Source: NVD
Redhat Enterprise Linux vulnerabilities | cvebase