Enterprise_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_linux
(Redhat)

Repositories

• https://github.com/torvalds/linux
• https://github.com/Perl/perl5
• https://github.com/ceph/ceph
• https://github.com/ClusterLabs/pcs
• https://github.com/mjg59/linux

• https://github.com/apache/httpd
• https://github.com/opencontainers/runc
• https://github.com/bonzini/qemu
• https://github.com/codehaus-plexus/plexus-archiver
• https://github.com/openssh/openssh-portable
• https://github.com/kyz/libmspack
• https://github.com/git/git
• https://github.com/mysql/mysql-server
• https://github.com/neomutt/neomutt
• https://github.com/php/php-src
• https://github.com/vadz/libtiff
• https://github.com/numpy/numpy
• https://github.com/bagder/curl
• https://github.com/ClusterLabs/pacemaker
• https://github.com/hercules-team/augeas

#Vulnerabilities

1674

Date	Id	Summary	Products	Score	Patch	Annotated
2022-08-23	CVE-2021-3839	A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.	Data_plane_development_kit, Fedora, Enterprise_linux, Enterprise_linux_fast_datapath	7.5
2022-08-23	CVE-2021-3975	A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.	Ubuntu_linux, Debian_linux, Fedora, Ontap_select_deploy_administration_utility, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Libvirt	6.5
2022-08-23	CVE-2021-3997	A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.	Fedora, Enterprise_linux, Systemd	5.5
2022-08-23	CVE-2022-2938	A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.	Fedora, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux	7.8
2022-08-24	CVE-2021-4158	A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.	Qemu, Enterprise_linux	6.0
2022-08-24	CVE-2021-4159	A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.	Debian_linux, Linux_kernel, Enterprise_linux	4.4
2022-08-24	CVE-2021-4204	An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.	Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux	7.1
2022-08-24	CVE-2021-4189	A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.	Debian_linux, Ontap_select_deploy_administration_utility, Python, Enterprise_linux, Software_collections	5.3
2022-08-24	CVE-2021-4209	A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.	Gnutls, Active_iq_unified_manager, Hci_bootstrap_os, Solidfire_\&_hci_management_node, Enterprise_linux	6.5
2022-08-24	CVE-2021-4213	A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.	Debian_linux, Network_security_services_for_java, Enterprise_linux	7.5