Tag Id Distro CVE ID Type Severity Packages Source Package Package Version Package License CVSS Fix Status Risk Factors Description Cause Containers Published Vulnerability Link

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-3580

OS

moderate

nettle

3.4.1-4.el8_3

LGPLv3+ or GPLv2+

7.5

affected

Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

1

2021-08-05 21:15:00.000

https://access.redhat.com/security/cve/CVE-2021-3580

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2020-16135

OS

low

libssh

0.9.4-2.el8

LGPLv2+

5.9

open

Attack vector: network, Recent vulnerability

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.

1

2020-07-29 21:15:00.000

https://access.redhat.com/security/cve/cve-2020-16135

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-22898

OS

low

curl

7.61.1-18.el8

MIT

3.1

affected

Attack vector: network, Recent vulnerability

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

1

2021-06-11 16:15:00.000

https://access.redhat.com/security/cve/CVE-2021-22898

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-22876

OS

moderate

curl

7.61.1-18.el8

MIT

3.7

affected

Attack vector: network, Medium severity, Recent vulnerability

curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

1

2021-04-01 18:15:00.000

https://access.redhat.com/security/cve/CVE-2021-22876

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-22923

OS

moderate

curl

7.61.1-18.el8

MIT

5.7

affected

Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

1

2021-08-05 21:15:00.000

https://access.redhat.com/security/cve/CVE-2021-22923

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-22922

OS

moderate

curl

7.61.1-18.el8

MIT

5.7

affected

Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.

1

2021-08-05 21:15:00.000

https://access.redhat.com/security/cve/CVE-2021-22922

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-22924

OS

moderate

curl

7.61.1-18.el8

MIT

3.1

affected

Attack vector: network, Medium severity, Recent vulnerability

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \'issuercert\' into account and it compared the involved paths case insensitively,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the \'issuer cert\' which a transfer can setto qualify how to verify the server certificate.

1

2021-08-05 21:15:00.000

https://access.redhat.com/security/cve/CVE-2021-22924

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-22925

OS

low

curl

7.61.1-18.el8

MIT

3.1

affected

Attack vector: network, Recent vulnerability

curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

1

2021-08-05 21:15:00.000

https://access.redhat.com/security/cve/CVE-2021-22925

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-28153

OS

low

glib2

2.56.4-10.el8_4.1

LGPLv2+

5.3

affected

Attack complexity: low, Attack vector: network, Recent vulnerability

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

1

2021-03-11 22:15:00.000

https://access.redhat.com/security/cve/CVE-2021-28153

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-33574

OS

low

glibc

2.28-151.el8

LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL

5.9

affected

Attack vector: network, DoS, Recent vulnerability

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

1

2021-05-25 22:15:00.000

https://access.redhat.com/security/cve/CVE-2021-33574

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-35942

OS

moderate

glibc

2.28-151.el8

LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL

9.1

affected

Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

1

2021-07-22 18:15:00.000

https://access.redhat.com/security/cve/CVE-2021-35942

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-36087

OS

moderate

libsepol

2.9-2.el8

LGPLv2+

3.3

affected

Attack complexity: low, Medium severity, Recent vulnerability

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.

1

2021-07-01 03:15:00.000

https://access.redhat.com/security/cve/CVE-2021-36087

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-36085

OS

moderate

libsepol

2.9-2.el8

LGPLv2+

3.3

affected

Attack complexity: low, Medium severity, Recent vulnerability

The CIL compiler in SELinux 3.2 has a use-after-free in cil_verify_classperms (called from verify_map_perm_classperms and hashtab_map).

1

2021-07-01 03:15:00.000

https://access.redhat.com/security/cve/CVE-2021-36085

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-36084

OS

moderate

libsepol

2.9-2.el8

LGPLv2+

3.3

affected

Attack complexity: low, Medium severity, Recent vulnerability

The CIL compiler in SELinux 3.2 has a use-after-free in cil_verify_classperms (called from cil_verify_classpermission and __cil_pre_verify_helper).

1

2021-07-01 03:15:00.000

https://access.redhat.com/security/cve/CVE-2021-36084

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-36086

OS

moderate

libsepol

2.9-2.el8

LGPLv2+

3.3

affected

Attack complexity: low, Medium severity, Recent vulnerability

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).

1

2021-07-01 03:15:00.000

https://access.redhat.com/security/cve/CVE-2021-36086

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-33560

OS

moderate

libgcrypt

1.8.5-4.el8

LGPLv2+

7.5

affected

Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.

1

2021-06-08 11:15:00.000

https://access.redhat.com/security/cve/CVE-2021-33560

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2020-14155

OS

low

pcre

8.42-4.el8

BSD

5.3

affected

Attack complexity: low, Attack vector: network, Recent vulnerability

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a

1

2020-06-15 17:15:00.000

https://access.redhat.com/security/cve/CVE-2020-14155

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2019-20838

OS

low

pcre

8.42-4.el8

BSD

7.5

affected

Attack complexity: low, Attack vector: network

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.

1

2020-06-15 17:15:00.000

https://access.redhat.com/security/cve/CVE-2019-20838

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-20232

OS

moderate

gnutls

3.6.14-8.el8_3

GPLv3+ and LGPLv2+

3.7

affected

Attack vector: network, Medium severity, Recent vulnerability

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

1

2021-03-12 19:15:00.000

https://access.redhat.com/security/cve/CVE-2021-20232

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-20231

OS

moderate

gnutls

3.6.14-8.el8_3

GPLv3+ and LGPLv2+

3.7

affected

Attack vector: network, Medium severity, Recent vulnerability

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

1

2021-03-12 19:15:00.000

https://access.redhat.com/security/cve/CVE-2021-20231

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-3421

OS

moderate

rpm

4.14.3-14.el8_4

GPLv2+

4.7

affected

Medium severity, Recent vulnerability

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

1

2021-05-19 14:15:00.000

https://access.redhat.com/security/cve/CVE-2021-3421

defender_21_08_514

sha256:aaf13f247f08039f819772fb45c86d45d48342c607fe05a65fece7e5a6e0e21b

redhat-RHEL8

CVE-2021-20266

OS

low

rpm

4.14.3-14.el8_4

GPLv2+

3.1

affected

Attack vector: network, Recent vulnerability

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

1

2021-04-30 12:15:00.000

https://access.redhat.com/security/cve/CVE-2021-20266