Report columns: Tag, Id, Distro, CVE ID, Type, Severity, Packages, Source Package, Package Version, Package License, CVSS, Fix Status, Risk Factors, Description, Cause, Published, Vulnerability Link. The Source Package and Cause columns are empty in every record below.

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-3520
Type: OS
Severity: moderate
Packages: lz4-libs
Package Version: 1.8.3-2.el8
Package License: GPLv2+ and BSD
CVSS: 8.6
Fix Status: fixed in 1.8.3-3.el8_4
Risk Factors: Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability
Description: There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
Published: 2021-06-02 13:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3520

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2020-12762
Type: OS
Severity: unimportant
Packages: json-c
Package Version: 0.13.1-0.4.el8
Package License: MIT
CVSS: 7.8
Fix Status: will not fix
Risk Factors: Attack complexity: low, Recent vulnerability
Description: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Published: 2020-05-09 18:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2020-12762

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2019-13057
Type: OS
Severity: unimportant
Packages: openldap
Package Version: 2.4.46-16.el8
Package License: OpenLDAP
CVSS: 6.5
Fix Status: will not fix
Risk Factors: Attack complexity: low, Attack vector: network
Description: An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
Published: 2019-07-26 13:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2019-13057

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2020-16135
Type: OS
Severity: low
Packages: libssh
Package Version: 0.9.4-2.el8
Package License: LGPLv2+
CVSS: 5.9
Fix Status: open
Risk Factors: Attack vector: network, Recent vulnerability
Description: libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
Published: 2020-07-29 21:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/cve-2020-16135

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-22876
Type: OS
Severity: moderate
Packages: curl
Package Version: 7.61.1-18.el8
Package License: MIT
CVSS: 3.7
Fix Status: affected
Risk Factors: Attack vector: network, Medium severity, Recent vulnerability
Description: curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
Published: 2021-04-01 18:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-22876

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-22898
Type: OS
Severity: low
Packages: curl
Package Version: 7.61.1-18.el8
Package License: MIT
CVSS: 3.1
Fix Status: affected
Risk Factors: Attack vector: network, Recent vulnerability
Description: curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
Published: 2021-06-11 16:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-22898

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-20271
Type: OS
Severity: moderate
Packages: rpm-libs
Package Version: 4.14.3-13.el8
Package License: GPLv2+ and LGPLv2+ with exceptions
CVSS: 6.7
Fix Status: fixed in 4.14.3-14.el8_4
Risk Factors: Has fix, Medium severity, Recent vulnerability
Description: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
Published: 2021-03-26 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-20271

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-27218
Type: OS
Severity: moderate
Packages: glib2
Package Version: 2.56.4-10.el8_4
Package License: LGPLv2+
CVSS: 7.5
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability
Description: An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
Published: 2021-02-15 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-27218

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-28153
Type: OS
Severity: low
Packages: glib2
Package Version: 2.56.4-10.el8_4
Package License: LGPLv2+
CVSS: 5.3
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Recent vulnerability
Description: An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
Published: 2021-03-11 22:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-28153

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2019-1010022
Type: OS
Severity: unimportant
Packages: glibc
Package Version: 2.28-151.el8
Package License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL
CVSS: 9.8
Fix Status: will not fix
Risk Factors: Attack vector: network
Description: DISPUTED GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Published: 2019-07-15 04:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2019-1010022

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-33574
Type: OS
Severity: low
Packages: glibc
Package Version: 2.28-151.el8
Package License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL
CVSS: 5.9
Fix Status: affected
Risk Factors: Attack vector: network, DoS, Recent vulnerability
Description: The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Published: 2021-05-25 22:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-33574

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-3516
Type: OS
Severity: moderate
Packages: libxml2
Package Version: 2.9.7-9.el8
Package License: MIT
CVSS: 7.8
Fix Status: fixed in 2.9.7-9.el8_4.2
Risk Factors: Attack complexity: low, Has fix, Medium severity, Recent vulnerability
Description: There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Published: 2021-06-01 14:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3516

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-3517
Type: OS
Severity: moderate
Packages: libxml2
Package Version: 2.9.7-9.el8
Package License: MIT
CVSS: 8.6
Fix Status: fixed in 2.9.7-9.el8_4.2
Risk Factors: Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability
Description: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
Published: 2021-05-19 14:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3517

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-3518
Type: OS
Severity: moderate
Packages: libxml2
Package Version: 2.9.7-9.el8
Package License: MIT
CVSS: 8.6
Fix Status: fixed in 2.9.7-9.el8_4.2
Risk Factors: Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability
Description: There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Published: 2021-05-18 12:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3518

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-3537
Type: OS
Severity: moderate
Packages: libxml2
Package Version: 2.9.7-9.el8
Package License: MIT
CVSS: 7.5
Fix Status: fixed in 2.9.7-9.el8_4.2
Risk Factors: Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability
Description: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
Published: 2021-05-14 20:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3537

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-3541
Type: OS
Severity: moderate
Packages: libxml2
Package Version: 2.9.7-9.el8
Package License: MIT
CVSS: 6.5
Fix Status: fixed in 2.9.7-9.el8_4.2
Risk Factors: Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability
Description: A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.
Published: 2021-07-09 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3541

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-33560
Type: OS
Severity: moderate
Packages: libgcrypt
Package Version: 1.8.5-4.el8
Package License: LGPLv2+
CVSS: 7.5
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability
Description: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.
Published: 2021-06-08 11:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-33560

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2019-20838
Type: OS
Severity: low
Packages: pcre
Package Version: 8.42-4.el8
Package License: BSD
CVSS: 7.5
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network
Description: libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Published: 2020-06-15 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2019-20838

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2020-14155
Type: OS
Severity: low
Packages: pcre
Package Version: 8.42-4.el8
Package License: BSD
CVSS: 5.3
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Recent vulnerability
Description: libpcre in PCRE before 8.44 allows an integer overflow via a large number after a
Published: 2020-06-15 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2020-14155

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2018-1000879
Type: OS
Severity: unimportant
Packages: libarchive
Package Version: 3.3.3-1.el8
Package License: BSD
CVSS: 3.3
Fix Status: will not fix
Risk Factors: Attack complexity: low, DoS
Description: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in the ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() - that can result in Crash/DoS. This attack appears to be exploitable when the victim opens a specially crafted archive file.
Published: 2018-12-20 17:29:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2018-1000879

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2018-1000880
Type: OS
Severity: unimportant
Packages: libarchive
Package Version: 3.3.3-1.el8
Package License: BSD
CVSS: 3.3
Fix Status: will not fix
Risk Factors: Attack complexity: low, DoS
Description: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in the WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() - that can result in DoS: quasi-infinite run time and disk usage from a tiny file. This attack appears to be exploitable when the victim opens a specially crafted WARC file.
Published: 2018-12-20 17:29:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2018-1000880

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-20231
Type: OS
Severity: moderate
Packages: gnutls
Package Version: 3.6.14-8.el8_3
Package License: GPLv3+ and LGPLv2+
CVSS: 3.7
Fix Status: affected
Risk Factors: Attack vector: network, Medium severity, Recent vulnerability
Description: A flaw was found in gnutls. A use-after-free issue in the client when sending the key_share extension may lead to memory corruption and other consequences.
Published: 2021-03-12 19:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-20231

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-20232
Type: OS
Severity: moderate
Packages: gnutls
Package Version: 3.6.14-8.el8_3
Package License: GPLv3+ and LGPLv2+
CVSS: 3.7
Fix Status: affected
Risk Factors: Attack vector: network, Medium severity, Recent vulnerability
Description: A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
Published: 2021-03-12 19:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-20232

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-20266
Type: OS
Severity: low
Packages: rpm
Package Version: 4.14.3-13.el8
Package License: GPLv2+
CVSS: 3.1
Fix Status: affected
Risk Factors: Attack vector: network, Recent vulnerability
Description: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Published: 2021-04-30 12:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-20266

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-20271
Type: OS
Severity: moderate
Packages: rpm
Package Version: 4.14.3-13.el8
Package License: GPLv2+
CVSS: 6.7
Fix Status: fixed in 4.14.3-14.el8_4
Risk Factors: Has fix, Medium severity, Recent vulnerability
Description: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
Published: 2021-03-26 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-20271

Tag: defender_21_04_439
Id: sha256:8d82e2c21c33e1ffb37ea901d18df15c08123258609e6d7c4aecc7fb4a5a8738
Distro: redhat-RHEL8
CVE ID: CVE-2021-3421
Type: OS
Severity: moderate
Packages: rpm
Package Version: 4.14.3-13.el8
Package License: GPLv2+
CVSS: 4.7
Fix Status: affected
Risk Factors: Medium severity, Recent vulnerability
Description: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
Published: 2021-05-19 14:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3421