Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:redhat:enterprise_linux:7.0
There are 625 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2021-3472

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: April 26, 2021; 11:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-20208

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Published: April 19, 2021; 6:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-3498

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

Published: April 19, 2021; 5:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3497

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

Published: April 19, 2021; 5:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-26582

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).

Published: April 15, 2021; 2:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-3487

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Published: April 15, 2021; 10:15:17 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2021-20305

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Published: April 05, 2021; 6:15:12 PM -0400
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35518

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Published: March 26, 2021; 1:15:12 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-3466

A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: March 25, 2021; 3:15:15 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-3443

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

Published: March 25, 2021; 3:15:14 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-20215

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.

Published: March 25, 2021; 3:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-20214

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.

Published: March 25, 2021; 3:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-20213

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.

Published: March 25, 2021; 3:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2021-20212

A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.

Published: March 25, 2021; 3:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-20211

A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.

Published: March 25, 2021; 3:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-20210

A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.

Published: March 25, 2021; 3:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2020-35502

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.

Published: March 25, 2021; 3:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-19354

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Published: March 24, 2021; 1:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-3409

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

Published: March 23, 2021; 5:15:14 PM -0400
V3.1: 5.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Published: March 23, 2021; 1:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM