Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-26 | CVE-2021-20197 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | Brocade_fabric_operating_system_firmware, Binutils, Cloud_backup, Ontap_select_deploy_administration_utility, Solidfire_\&_hci_management_node, Enterprise_linux | 6.3 | ||
| 2021-03-26 | CVE-2021-20271 | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. | Fedora, Enterprise_linux, Rpm, Starwind_virtual_san | 7.0 | ||
| 2021-04-01 | CVE-2021-3393 | An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. | Postgresql, Enterprise_linux, Software_collections | 4.3 | ||
| 2021-04-01 | CVE-2021-20291 | A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using... | Fedora, Enterprise_linux, Openshift_container_platform, Storage | 6.5 | ||
| 2021-04-05 | CVE-2021-20305 | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. | Debian_linux, Fedora, Active_iq_unified_manager, Ontap_select_deploy_administration_utility, Nettle, Enterprise_linux | 8.1 | ||
| 2021-04-08 | CVE-2021-3448 | A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. | Fedora, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_linux, Dnsmasq | 4.0 | ||
| 2021-04-08 | CVE-2021-3482 | A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. | Debian_linux, Exiv2, Fedora, Enterprise_linux | 6.5 | ||
| 2021-04-19 | CVE-2021-20208 | A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. | Fedora, Enterprise_linux, Cifs\-Utils | 6.1 | ||
| 2021-04-19 | CVE-2021-3497 | GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | Debian_linux, Gstreamer, Enterprise_linux | 7.8 | ||
| 2021-04-19 | CVE-2021-3498 | GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. | Debian_linux, Gstreamer, Enterprise_linux | 7.8 |