Product:

Enterprise_linux

(Redhat)
Repositories https://github.com/torvalds/linux
https://github.com/Perl/perl5
https://github.com/ceph/ceph
https://github.com/ClusterLabs/pcs
https://github.com/mjg59/linux
#Vulnerabilities 1650
Date Id Summary Products Score Patch Annotated
2021-11-22 CVE-2021-3935 When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. Debian_linux, Fedora, Pgbouncer, Enterprise_linux 8.1
2021-12-08 CVE-2021-4048 An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. Fedora, Julia, Lapack, Openblas, Ceph_storage, Enterprise_linux, Openshift_container_storage, Openshift_data_foundation 9.1
2021-12-15 CVE-2021-45078 stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. Debian_linux, Fedora, Binutils, Ontap_select_deploy_administration_utility, Enterprise_linux 7.8
2021-12-23 CVE-2021-45463 load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature. Fedora, Gegl, Gimp, Enterprise_linux 7.8
2021-12-23 CVE-2021-4024 A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used... Fedora, Podman, Enterprise_linux 6.5
2021-12-23 CVE-2021-3622 A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. Fedora, Enterprise_linux, Enterprise_linux_workstation, Hivex 4.3
2021-12-25 CVE-2021-4166 vim is vulnerable to Out-of-bounds Read Mac_os_x, Macos, Debian_linux, Fedora, Factory, Enterprise_linux, Linux_enterprise, Vim 7.1
2022-02-11 CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. Debian_linux, Fedora, Libtiff, Ontap_select_deploy_administration_utility, Enterprise_linux 5.5
2022-02-18 CVE-2021-20320 A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. Fedora, Linux_kernel, Enterprise_linux 5.5
2022-02-18 CVE-2021-20321 A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. Debian_linux, Linux_kernel, Enterprise_linux 4.7