Product:

Enterprise_linux

(Redhat)
Date Id Summary Products Score Patch Annotated
2021-05-20 CVE-2021-3426 There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. Debian_linux, Fedora, Cloud_backup, Ontap_select_deploy_administration_utility, Snapcenter, Communications_cloud_native_core_binding_support_function, Zfs_storage_appliance_kit, Python, Enterprise_linux, Software_collections 5.7
2021-05-21 CVE-2020-36332 A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. Debian_linux, Ontap_select_deploy_administration_utility, Enterprise_linux, Libwebp 7.5
2021-05-28 CVE-2020-25710 A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. Debian_linux, Fedora, Openldap, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Jboss_enterprise_web_server 7.5
2021-05-28 CVE-2021-20236 A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Fedora, Ceph_storage, Enterprise_linux, Zeromq 9.8
2021-05-28 CVE-2021-20239 A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. Fedora, Linux_kernel, Enterprise_linux 3.3
2021-06-04 CVE-2021-3565 A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. Fedora, Enterprise_linux, Tpm2\-Tools 5.9
2021-06-01 CVE-2021-32027 A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Postgresql, Enterprise_linux, Jboss_enterprise_application_platform, Software_collections 8.8
2021-06-01 CVE-2021-3516 There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. Debian_linux, Fedora, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Ontap_select_deploy_administration_utility, Zfs_storage_appliance_kit, Enterprise_linux, Jboss_core_services, Xmllint 7.8
2021-06-01 CVE-2021-3543 A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system. Fedora, Nitro_enclaves, Enterprise_linux 6.7
2021-06-15 CVE-2021-3592 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. Debian_linux, Fedora, Libslirp, Enterprise_linux 3.8