Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-07-09 | CVE-2021-3570 | A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. | Debian_linux, Fedora, Linuxptp, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_tus | 8.8 | ||
2021-07-09 | CVE-2021-3571 | A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. | Fedora, Linuxptp, Enterprise_linux | 7.1 | ||
2021-07-09 | CVE-2021-3612 | An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Debian_linux, Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Enterprise_linux | 7.8 | ||
2021-08-13 | CVE-2021-3573 | A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. | Fedora, Linux_kernel, Enterprise_linux | 6.4 | ||
2021-08-25 | CVE-2021-3605 | There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | Debian_linux, Openexr, Enterprise_linux | 5.5 | ||
2021-08-27 | CVE-2021-40153 | squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. | Debian_linux, Fedora, Enterprise_linux, Squashfs\-Tools | 8.1 | ||
2021-09-07 | CVE-2021-33285 | In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is... | Debian_linux, Fedora, Enterprise_linux, Ntfs\-3g | 7.8 | ||
2021-09-07 | CVE-2021-39251 | A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. | Debian_linux, Fedora, Enterprise_linux, Ntfs\-3g | 7.8 | ||
2021-10-04 | CVE-2021-32672 | Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. | Debian_linux, Fedora, Management_services_for_element_software, Management_services_for_netapp_hci, Communications_operations_monitor, Enterprise_linux, Software_collections, Redis | 4.3 | ||
2021-11-04 | CVE-2021-43389 | An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. | Debian_linux, Linux_kernel, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Enterprise_linux | 5.5 |