Enterprise_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/Perl/perl5
• https://github.com/ceph/ceph
• https://github.com/ClusterLabs/pcs
• https://github.com/mjg59/linux

• https://github.com/apache/httpd
• https://github.com/opencontainers/runc
• https://github.com/bonzini/qemu
• https://github.com/codehaus-plexus/plexus-archiver
• https://github.com/openssh/openssh-portable
• https://github.com/kyz/libmspack
• https://github.com/git/git
• https://github.com/mysql/mysql-server
• https://github.com/neomutt/neomutt
• https://github.com/php/php-src
• https://github.com/vadz/libtiff
• https://github.com/numpy/numpy
• https://github.com/bagder/curl
• https://github.com/ClusterLabs/pacemaker
• https://github.com/hercules-team/augeas

#Vulnerabilities

1687

Date	Id	Summary	Products	Score	Patch	Annotated
2021-04-01	CVE-2021-3393	An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.	Postgresql, Enterprise_linux, Software_collections	4.3
2021-04-01	CVE-2021-20291	A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using...	Fedora, Enterprise_linux, Openshift_container_platform, Storage	6.5
2021-04-05	CVE-2021-20305	A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.	Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Nettle, Enterprise_linux	8.1
2021-04-08	CVE-2021-3448	A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.	Fedora, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_linux, Dnsmasq	4.0
2021-04-08	CVE-2021-3482	A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.	Debian_linux, Exiv2, Fedora, Enterprise_linux	6.5
2021-04-19	CVE-2021-20208	A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.	Fedora, Enterprise_linux, Cifs\-Utils	6.1
2021-04-19	CVE-2021-3497	GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.	Debian_linux, Gstreamer, Enterprise_linux	7.8
2021-04-19	CVE-2021-3498	GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.	Debian_linux, Gstreamer, Enterprise_linux	7.8
2021-04-19	CVE-2021-3505	A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.	Fedora, Libtpms, Enterprise_linux	5.5
2021-04-26	CVE-2021-3472	A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	Debian_linux, Fedora, Enterprise_linux, X_server	7.8