Columns (scanner export): Tag, Id, Distro, CVE ID, Type, Severity, Packages, Source Package, Package Version, Package License, CVSS, Fix Status, Risk Factors, Description, Cause, Published, Binaries, Vulnerability Link. Each record below lists its non-empty fields by column name.

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-27218
Type: OS
Severity: moderate
Packages: glib2
Package Version: 2.56.4-9.el8
Package License: LGPLv2+
CVSS: 7.5
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability
Description: An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
Published: 2021-02-15 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-27218

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-27219
Type: OS
Severity: important
Packages: glib2
Package Version: 2.56.4-9.el8
Package License: LGPLv2+
CVSS: 9.8
Fix Status: fixed in 2.56.4-10.el8_4
Risk Factors: Attack complexity: low, Attack vector: network, Has fix, High severity, Recent vulnerability
Description: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
Published: 2021-02-15 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-27219

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-28153
Type: OS
Severity: low
Packages: glib2
Package Version: 2.56.4-9.el8
Package License: LGPLv2+
CVSS: 5.3
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Recent vulnerability
Description: An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
Published: 2021-03-11 22:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-28153

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2020-12762
Type: OS
Severity: unimportant
Packages: json-c
Package Version: 0.13.1-0.4.el8
Package License: MIT
CVSS: 7.8
Fix Status: will not fix
Risk Factors: Attack complexity: low, Recent vulnerability
Description: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Published: 2020-05-09 18:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2020-12762

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2019-13057
Type: OS
Severity: unimportant
Packages: openldap
Package Version: 2.4.46-16.el8
Package License: OpenLDAP
CVSS: 6.5
Fix Status: will not fix
Risk Factors: Attack complexity: low, Attack vector: network
Description: An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
Published: 2019-07-26 13:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2019-13057

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2020-16135
Type: OS
Severity: low
Packages: libssh
Package Version: 0.9.4-2.el8
Package License: LGPLv2+
CVSS: 5.9
Fix Status: open
Risk Factors: Attack vector: network, Recent vulnerability
Description: libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
Published: 2020-07-29 21:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/cve-2020-16135

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-22876
Type: OS
Severity: moderate
Packages: curl
Package Version: 7.61.1-18.el8
Package License: MIT
CVSS: 3.7
Fix Status: affected
Risk Factors: Attack vector: network, Medium severity, Recent vulnerability
Description: curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
Published: 2021-04-01 18:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-22876

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2019-1010022
Type: OS
Severity: unimportant
Packages: glibc
Package Version: 2.28-151.el8
Package License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL
CVSS: 8.1
Fix Status: will not fix
Risk Factors: Attack vector: network
Description: DISPUTED. GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Published: 2019-07-15 04:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2019-1010022

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-33574
Type: OS
Severity: low
Packages: glibc
Package Version: 2.28-151.el8
Package License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL
CVSS: 5.9
Fix Status: affected
Risk Factors: Attack vector: network, DoS, Recent vulnerability
Description: The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Published: 2021-05-25 22:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-33574

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-3517
Type: OS
Severity: moderate
Packages: libxml2
Package Version: 2.9.7-9.el8
Package License: MIT
CVSS: 8.6
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability
Description: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
Published: 2021-05-19 14:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3517

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-3518
Type: OS
Severity: moderate
Packages: libxml2
Package Version: 2.9.7-9.el8
Package License: MIT
CVSS: 8.6
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability
Description: There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Published: 2021-05-18 12:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3518

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-3537
Type: OS
Severity: moderate
Packages: libxml2
Package Version: 2.9.7-9.el8
Package License: MIT
CVSS: 7.5
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability
Description: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
Published: 2021-05-14 20:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3537

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-3516
Type: OS
Severity: moderate
Packages: libxml2
Package Version: 2.9.7-9.el8
Package License: MIT
CVSS: 6.6
Fix Status: affected
Risk Factors: Attack complexity: low, Medium severity, Recent vulnerability
Description: There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Published: 2021-06-01 14:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3516

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2019-20838
Type: OS
Severity: low
Packages: pcre
Package Version: 8.42-4.el8
Package License: BSD
CVSS: 7.5
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network
Description: libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Published: 2020-06-15 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2019-20838

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2020-14155
Type: OS
Severity: low
Packages: pcre
Package Version: 8.42-4.el8
Package License: BSD
CVSS: 5.3
Fix Status: affected
Risk Factors: Attack complexity: low, Attack vector: network, Recent vulnerability
Description: libpcre in PCRE before 8.44 allows an integer overflow via a large number after a
Published: 2020-06-15 17:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2020-14155

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2018-1000879
Type: OS
Severity: unimportant
Packages: libarchive
Package Version: 3.3.3-1.el8
Package License: BSD
CVSS: 3.3
Fix Status: will not fix
Risk Factors: Attack complexity: low, DoS
Description: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in the ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() - that can result in Crash/DoS. This attack appears to be exploitable when the victim opens a specially crafted archive file.
Published: 2018-12-20 17:29:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2018-1000879

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2018-1000880
Type: OS
Severity: unimportant
Packages: libarchive
Package Version: 3.3.3-1.el8
Package License: BSD
CVSS: 3.3
Fix Status: will not fix
Risk Factors: Attack complexity: low, DoS
Description: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in the WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() - that can result in DoS (quasi-infinite run time and disk usage from a tiny file). This attack appears to be exploitable when the victim opens a specially crafted WARC file.
Published: 2018-12-20 17:29:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2018-1000880

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-20231
Type: OS
Severity: moderate
Packages: gnutls
Package Version: 3.6.14-8.el8_3
Package License: GPLv3+ and LGPLv2+
CVSS: 3.7
Fix Status: affected
Risk Factors: Attack vector: network, Medium severity, Recent vulnerability
Description: A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
Published: 2021-03-12 19:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-20231

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-20232
Type: OS
Severity: moderate
Packages: gnutls
Package Version: 3.6.14-8.el8_3
Package License: GPLv3+ and LGPLv2+
CVSS: 3.7
Fix Status: affected
Risk Factors: Attack vector: network, Medium severity, Recent vulnerability
Description: A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
Published: 2021-03-12 19:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-20232

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-3421
Type: OS
Severity: moderate
Packages: rpm
Package Version: 4.14.3-13.el8
Package License: GPLv2+
CVSS: 4.7
Fix Status: affected
Risk Factors: Medium severity, Recent vulnerability
Description: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
Published: 2021-05-19 14:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-3421

Tag: defender_21_04_421
Id: sha256:f454f181ac3078a47c469da81d66c17068aff6d804e7aed2a3e8222e53984bca
Distro: redhat-RHEL8
CVE ID: CVE-2021-20266
Type: OS
Severity: low
Packages: rpm
Package Version: 4.14.3-13.el8
Package License: GPLv2+
CVSS: 3.1
Fix Status: affected
Risk Factors: Attack vector: network, Recent vulnerability
Description: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Published: 2021-04-30 12:15:00.000
Vulnerability Link: https://access.redhat.com/security/cve/CVE-2021-20266