Redhat: >> Enterprise Linux Security Vulnerabilities
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-03-19
IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.
CVSS Score
3.7
EPSS Score
0.002
Published
2021-03-19
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
CVSS Score
6.0
EPSS Score
0.0
Published
2021-03-18
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
CVSS Score
3.7
EPSS Score
0.004
Published
2021-03-18
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-03-18
It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-03-16
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.
CVSS Score
2.7
EPSS Score
0.001
Published
2021-03-15
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSS Score
8.1
EPSS Score
0.004
Published
2021-03-15
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-03-12
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-03-12